Method and system for preventing and detecting security threats

ABSTRACT

A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.

RELATED APPLICATION DATA

This application is the National Stage of International PatentApplication No. PCT/CA2012/000298, filed Mar. 30, 2012, the disclosureof which is hereby incorporated by reference in its entirety.

FIELD

The present disclosure relates generally to preventing and detectingsecurity threats to an operating system and certified applicationsoperating on an electronic device.

BACKGROUND

Devices such as mobile phones, tablets, games consoles, set top boxes,televisions, personal navigation devices, and other consumer electronicsdevices (or simply “devices”) are typically purchased by consumers fromretail distribution channels (e.g., consumer electronics stores) or maybe sold to or leased to consumers by service providers (or simply“operators”)—e.g., mobile network operators, broadcast televisionnetwork providers, or Internet video providers. Traditionally, suchdevices were closed devices or embedded devices that were based onproprietary hardware and operating systems and that did not supportthird party software applications. However, such devices haveincreasingly become open devices. It should be understood that “open” inthe context of this background discussion can include varying degreesincluding, but not limited to, standard hardware (such as a system on achip based on an Intel or ARM processor), open source operating systemsand software, open or published APIs to enable third party applicationsdevelopment, and/or freely modifiable programming.

Such devices may include open source operating systems, including thosesuch as Linux (an open source Unix-type operating system originallycreated by Linus Torvalds with the assistance of developers around theworld) or Android (an open source mobile operating system based on amodified version of the Linux kernel and marketed by Google, Inc. ofMountain View, Calif.).

Attacks on closed or embedded devices, in the form of unauthorized useand access, have taken place for many years. However, such hacking ofembedded devices has been a specialized and highly technical processthat required a specialized combination of hardware and software skills.In contrast, open devices have hardware and operating systems that arewell understood by many developers and hackers. Accordingly, this trendto open devices greatly increases the potential number of hackers withknowledge and expertise that renders such open devices much moresusceptible to attack. Such open devices also support the capability forthird party application developers to develop applications for thosedevice (e.g., open API's) and hence such devices also increasinglysupport the capability for consumers to download, install, and executethird-party software applications (or simply “applications”) on suchdevices. Such applications are not developed by the operator or theoriginal equipment manufacturer (or simply “OEM”) of the device. Interms of software design, such applications may be developed using ascript language (e.g., JavaScript) that is executed within aninterpreter or virtual machine or native code that runs directly on thedevice (e.g., a C or C++ program).

The capability for consumers to purchase or lease and to download andinstall third-party software applications on devices may be provided bythe OEM (e.g. Apple Inc.), an operator, or a company that isunaffiliated with the OEM or operator typically via an Internet-basedretail interface—e.g., the iTunes Store or the Android Market(software-based online digital media stores operated by Apple Inc. andGoogle Inc., respectively). Internet-based retail interface provides asystem by which the third-party application developer (or simply“developer”) shares part of the revenue from sales of an applicationwith the Internet-based retail interface provider. The trend to enableconsumers to download and install such third-party applications ondevices also increases the potential security concerns for consumers,operators, developers and OEM's beyond those that would normally beassociated with an embedded device.

Third-party software sold to the consumer may contain malicious softwareknown as malware (e.g., worms, viruses, Trojans, rootkits, andbackdoors). Such malware may cause a breach of consumer privacy—e.g.,malware on a mobile phone might monitor a user's position via the GPScapabilities of the mobile phone and transmit such positional data to aremote server. Malware may also cause identity theft or fraudulent useof the device or related services—e.g., malware on a mobile phone couldautomatically dial services which add charges to a user's mobile phonesubscription. Malware may also cause network stability problems foroperators—e.g., malware on mobile phones could inappropriately usenetwork capabilities such as SMS or mobile voice calling to create adenial of service attack against a mobile network operator's networkimpacting the network service quality or availability.

Additional security concerns include unauthorized applications.Providers of Internet-based retail interfaces may “certify” applicationsor application developers to ensure that malware is not present in theapplications sold through their Internet-based retail interfaces. Thisserves to provide some level of protection against the malware concernsand to prevent applications from otherwise compromising the security ofthe device and/or device network (i.e., mobile network). If thiscertification process can be circumvented or is not exhaustive, thenconsumers may unknowingly download malware onto their devices from anunauthorized Internet-based retail interface or other Internet web site.If this certification process can be circumvented or is not adequate todetect potential malware then consumers may unknowingly download malwareonto their devices from an Internet-based retail interface.

A rootkit is a particular type of malware that enables continuedprivileged access to a computer while actively hiding its presence fromadministrators by subverting standard operating system functionality orother applications. An attack by rootkit malware consists of severalstages and uses various components: a vulnerability or capability existsin the system that is the subject of an exploit to take advantage of itand do something not foreseen or intended. The intent of the exploit istypically to install a payload such as additional malware componentsthat can continue to operate behind the scenes, receiving and executingnew instructions from a remote server. Typical payload activitiesinclude surreptitious uploading of private user information, sendingspam or launching distributed denial-of-service (DDOS) attacks.

Many rootkits make use of loadable kernel modules to modify the runningoperating system kernel to execute the payload. A loadable kernel modulecontains code to dynamically extend the running kernel of an operatingsystem without loading all desired functionality in memory at boot time.

Rootkit detection is difficult because a rootkit may be able to subvertthe software that is intended to find it. Known detection methodsinclude using an alternative, trusted operating system; behavioral-basedmethods; signature scanning; difference scanning; and memory dumpanalysis. Removal of a rootkit can be complicated or practicallyimpossible, especially in cases where the rootkit resides in theoperating system kernel where reinstallation of the operating system maybe the only available solution to the problem. When dealing withfirmware rootkits, removal may require hardware replacement, orspecialized equipment.

Existing approaches to platform security (i.e., security intended toaddress one or more of the security problems noted above) typicallyinvolve one or more of the following methods further grouped anddescribed herein below.

“Operating system security” is a security method whereby one or morefunctions or capabilities including process isolation, access control,private application programming interfaces (APIs), and applicationcertification/signing, and application licensing services may beprovided by an operating system. Such functions and capabilities arefurther described as follows.

“Process isolation” may be supported by the operating system (or ahypervisor installed beneath the operating system) to ensure that eachapplication and parts of the system runs in its own process anddedicated memory space such that, by default, no application has thecapability to perform any operation that could adversely affect anotherapplication, the operating system (OS), or the consumer. Eachapplication process can be considered to be running in its own operatingenvironment often referred to as its own “sandbox.” However, to developapplications that are useful to users, most applications must be able toaccess operating system services (e.g., on a mobile phone OS, send shortmessage service (SMS) text messages, get user location, record phonecalls, take pictures, or the like) that are not supported within thebasic sandbox. This limits the effectiveness of process isolation or the“sandbox” as the application must access operating system servicesoutside the sandbox, which increases the probability that theapplication may perform operations that negatively affect otherapplications, the OS, or the consumer.

“Access control” involves the ability to address the requirement forapplications to use OS services or resources outside the sandbox or fornative applications, OS services or resources that could enable a nativeapplication to adversely affect other applications, the consumer or anetwork. Here, the OS includes access control functionality that makesdecisions about whether to grant such access to a requestingapplication. This access control functionality may be combined with theconcept of permissions. For example in the Android OS from Google Inc.,application developers must declare the permissions required by theirapplications in an associated manifest file to enable the application toperform any operation that might adversely affect other applications,the OS, or the consumer. Access control decisions may also be based onthe privileges inherently granted to an application (e.g., userapplication or root access in the Linux OS). One of the problemsassociated with permissions is related to the question of who or whatgrants permissions to an application and whether the grantor understandsthe implications of such approval (e.g., in the Android OS case it isthe consumer that grants such permissions). Another problem is that suchpermissions may be modified by malware or an attacker following suchgrant of permissions by the consumer or the certifying authority. Someoperating systems have access control frameworks that enable differentaccess control models to be implemented (e.g., Linux Security Module(LSM)). LSM enables different access control models and functions to beimplemented as loadable kernel modules.

“Private APIs” are another mechanism to limit the ability ofapplications to access operating system services or resources that mayadversely affect platform security. Here, although many system API's maybe open or public, the OEM may limit access to certain operating systemservices by maintaining the secrecy of API's required to access suchservices from applications developers. This is normally coupled with anapplication certification process to ensure that applications submittedfor certification do not attempt to call such private API's.

“Application certification/signing” involves various existingapplication certification processes in current use that ensureapplications do not perform malicious operations and/or access privateAPI's. These processes generally include static verification (e.g.,scanning the object code prior to execution) of the application (e.g.,to verify that private API's are not called by the application) anddynamic verification (e.g. to verify the “stability” of the applicationduring execution). If the Application passes the certification processit is then digitally signed by the certifying authority (which may alsobe the Internet-based retail interface provider) in a form that canlater be verified. One of the problems with current applicationcertification schemes is that a comprehensive verification is notreadily automated and, hence, is not exhaustive. Because of this, amalicious operation could be embedded in the application in such amanner that it will only execute at a pre-specified time following theapplication certification/signing process. Accordingly, such maliciousoperation can avoid detection during the verification process. Anotherproblem with application certification is the sheer number ofapplications that may have to be certified by an Internet-based retailinterface provider. For example, it is estimated that the Apple Inc.'sInternet-based retail interface for providing mobile softwareapplications for their iPhone™ brand smartphone has over 300,000applications and that there are 10,000 new applications submitted toApple Inc. each week. This makes it cost-prohibitive to performexhaustive verification of applications before certification. Anotherproblem is that a hacker could modify or replace the root of trust inthe OS (i.e., a digital certificate and software) used to verify theintegrity of the application against the signature generated by theInternet-based retail interface provider such that the application canbe modified following application certification/signing, such that thepermissions associated with the application can be modified to allow ahostile third party to load an unauthorized or pirated application ontothe device by a consumer.

“Application licensing services” involves protection against applicationpiracy whereby the system provides a license service. For example, theAndroid OS provides a licensing service that lets an applicationdeveloper enforce licensing policies for paid applications. However,these types of application licensing services can be readilycircumvented by hackers by modifying the application to extract suchlicense verification checks.

In addition to the problems noted in each of the above functions andcapabilities found within platform security, there is a problem that iscommon to process isolation, access control, and application licensingservices whereby the portions of the OS that support such securityfunctions can be subverted or bypassed by modifying portions of theoperating system that perform such functions. To prevent such changes tothe OS security functions or other OS functions, a further method ofutilizing a “secure boot loader” is often implemented in devices.

A “secure boot loader” (or “secure boot” for short) is used to ensurethat only the intended boot software and OS kernel are loaded onto thedevice. Here, the authentication compares the applicable softwareagainst a signature generated by the device OEM. The authentication orintegrity verification of the boot software and the OS kernel occur onlyduring device start-up such that this mechanism can be circumvented bydynamic attacks occurring during the boot process. Once the secure bootloader has been bypassed, the OS can be modified to bypass othersecurity functions that may be present in the OS. These dynamic attackscan be highly automated so that they are accessible by consumers that donot otherwise have the technical skills to independently implement suchattacks (i.e., jailbreaking techniques). Moreover, there is no way torestore device security for devices already deployed in the field oncethe secure boot process has been compromised.

In addition to the problems noted above relating to platform security,there is a problem that is common to process isolation, access control,application licensing services, virtual machines, and secure bootloaders that relates to the ability to recover from an attack.Generally, once an attack has occurred there is no mechanism in place torecover platform security for devices that have been sold or licensed orotherwise distributed to consumers. We refer to this as “staticsecurity” because the assumption inherent in the design of such platformsecurity is that the platform security mechanisms put in place willresist any and all attacks during the useful lifespan of the device.Static security is often attacked and such attacks are then “packaged”into automated attacks that can be implemented by the average consumer(e.g., the known jailbreak attack on the iPhone™ developed by Apple™).

“Virus detection and intrusion prevention software” is another securitymethod used to detect malware and mitigate any damage that such malwaremay cause. To date, nearly every solution to detect malware on devices,such as mobile phones, has relied upon the same “signature”-basedmechanisms that personal computer (PC) anti-virus solutions have usedfor years. The term “signature” here does not involve a digitalsignature, but rather a set of attributes by which a specific piece ofmalware can be identified—e.g., an attribute such as being of a specificlength and having a specific sequence of bytes at a certain locationwithin it. However, these signatures are only understood once themalware has been deployed, meaning the malware may have already causeddamage. Additionally, these signature-based types of solutions must beconstantly updated and must be able to detect 10's of thousands ofmalware signatures. These alone cannot be relied upon as the only meansof detecting and preventing damage from malware on devices.Additionally, anti-virus software itself can be modified or disabled bymalware to prevent such detection.

“Virtual machines” is yet another security method used to apply platformsecurity. Virtual machines, such as the Java™ virtual machine (JVM), aredesigned to allow the safe execution of applications obtained frompotentially untrusted sources. The JVM accepts a form of computerintermediate language commonly referred to as Java™ bytecode which is aprogramming language conceptually representing the instruction set of astack-oriented, capability architecture from Oracle Corporation ofRedwood Shores, Calif. Java™ applications run in a restricted sandboxwhich is designed to protect the user from misbehaving code or malware.This comes with performance limitations and limitations in terms of thefunctionality—e.g., applications are prevented from accessing operatingsystem functions and resources that are deemed to be “hazardous”.

Each of the aforementioned security methods form part of a staticplatform security functionality 100 as shown in prior art FIG. 1.Additionally, secure bootstrap loading 110 as shown in FIG. 1 is wellknown, for example within U.S. Pat. No. 6,185,678 issued to Arbaugh etal. on Feb. 6, 2001, and not further described herein.

It is, therefore, desirable to provide a security mechanism thatovercomes some of the problems associated with previous methods ofpreventing unauthorized use of a device and digital assets on thatdevice and the limitations of static platform security.

SUMMARY

According to a first aspect, there is provided a system, and relatedmethod, for prevention and detection of security threats that comprisesdevice hardware including at least one CPU and memory, an abstractionlayer stored in the memory that is operable between the device hardwareand application software, and a secured software agent embedded with theabstraction layer, the secured software agent configured to limit accessto the abstraction layer. In some aspects, the abstraction layer is anopen operating system, such as Linux, and in some aspects, the securedsoftware agent is compliant with a Linux Security Module.

According to a related aspect, the secured software agent is configuredto prevent loading software code that is used to extend thefunctionality of the abstraction layer. In some aspects this softwarecode is a loadable kernel module. In another aspect, the securedsoftware agent is configured to validate the loadable kernel module, andpreventing loading the loadable kernel module is based on a successfulvalidation. In some aspects, the validation is based on informationunique to the loadable kernel module stored in a secure store accessedby the agent. In some aspects, the secured software agent can beincorporated into a kernel utility that loads loadable kernel modules,that in some other aspects, includes the Unix based kernel utilityinsmod.

According to another related aspect, the secured software agent isconfigured to block over-writing pointers to system calls to theabstraction layer. In some aspects, the secured software agent blockswriting a system call table that contains pointers to system calls. Insome aspects, the secured software agent blocks writing to a memoryrange containing the system call table.

According to yet another related aspect, the secured software agent isconfigured to block a debug utility request. In some aspects, thesecured software agent is configured to determine whether the debugutility request attempts to attach to any one of a certified applicationand a component of the abstraction layer, and the secured software agentblocking the debug utility request is based on the determination. Insome aspects, the debug utility includes a process tracing system callto the abstraction layer. In a further aspect, the debug utility isptrace or the Android Debug Bridge daemon.

Other aspects and features will become apparent to those ordinarilyskilled in the art upon review of the following description of specificembodiments in conjunction with the accompanying figures.

BRIEF DESCRIPTION OF THE DRAWINGS

For a better understanding of the various embodiments described hereinand to show more clearly how they may be carried into effect, referencewill now be made, by way of example only, to the accompanying drawingswhich show at least one exemplary embodiment, and in which:

FIG. 1 is a schematic representing prior art static platform securityfunctionality.

FIG. 2A is a layer schematic showing an embodiment as applied to anAndroid OS.

FIG. 2B is a layer schematic showing another embodiment as applied to anAndroid OS.

FIG. 2C is a layer schematic showing yet another embodiment as appliedto an Android OS.

FIG. 3 is a schematic showing certain aspects of dynamic platformsecurity functionality in accordance with the accordance with theembodiment of FIG. 2A.

FIG. 4 is a schematic illustrating a typical boot loading sequence inaccordance with the embodiment of FIG. 3.

FIG. 5 is a schematic illustrating a provisioning sequence in accordancewith the embodiment of FIG. 3.

FIG. 6 is a schematic illustrating an installation of applicationpermissions in accordance with the embodiment of FIG. 3.

FIG. 7 is a schematic illustrating continuous system integrity duringruntime in accordance with the embodiment of FIG. 3.

FIG. 8 is a schematic illustrating validation of a user applicationrequest during runtime in accordance with the embodiment of FIG. 3.

FIG. 9 is schematic illustrating application permission enforcementduring runtime in accordance with the embodiment of FIG. 3.

FIG. 10 is a schematic illustrating a loadable kernel module enforcementprocess in accordance with the embodiment of FIG. 3.

FIG. 11 is a schematic illustrating a system call table protectionprocess in accordance with the embodiment of FIG. 3

FIG. 12 is a schematic illustrating a debug blocking process inaccordance with the embodiment of FIG. 3

DETAILED DESCRIPTION

Though applicable to any mobile phones, games consoles, tablets, set topboxes, televisions or other consumer electronic devices, the embodimentsdescribed herein will be in terms of such devices that use an open OSsuch as, but not limited to, the Linux or Android™ OS. In particular,the preferred embodiment will be shown and described relative to theAndroid™ OS for purposes of illustration only and should not beconstrued as limiting the intended scope of the present disclosure.Indeed, some of advantages described in terms of preventing installationof rootkits or preventing probing the OS for vulnerabilities areuniversally applicable to any device OS with particular usefulness toany open device as a result of the inherently greater security risksassociated with such open devices.

With reference to FIGS. 2A-C, an overall layer schematic 200 of anAndroid™ OS environment showing the basic architecture of the layeredexecution stack. A base layer 219 involves typical system on a chip(SOC) components including a central processing unit (CPU), graphicsprocessing unit (GPU), and memory (read only memory (ROM)) within whichthe basic input/output system (BIOS) resides. The uppermost layerillustrated in FIGS. 2A-C is a device application shown here as one ormore Android™ applications 210 a, 210 b. Intervening layers include thevarious known software and hardware elements including a hard disk drive(HDD) storage device or flash memory 220, the OS kernel 215 and OSkernel application interface layer 214 which manages system callsbetween the OS native applications 223 and the Android™ OS 213. Inaccordance with the illustrated embodiment, the layered execution stackfurther includes a Java™ access control (JAC) layer 212 between theAndroid™ OS 213 and the virtual machine (VM) layer 211 (i.e., Dalvik,which is the Android™ VM that forms an integral part of the Android™OS). The VM layer serves to convert the given application into a compactexecutable form (i.e., the “.dex” format in terms of Android™applications) suitable for execution in a known manner on the givendevice. The JAC layer 212 serves to provide secure access control byauthenticating communication between the machine executable code of theVM layer 211 and a security agent (or simply “agent”) 217. Such accesscontrol functionality may include any suitable known mechanism thatprovides a bridge between scripted apps and the native agent to allowthe agent to verify the integrity of the scripted application therebyextending the range of “applications” to scripted applications. Itshould further be understood that if all applications are assumed to benative applications 224, then the JAC layer 212 would not be required.

It should be understood that some embodiments can be implemented inconjunction with known static platform security functionality 100 asshown in FIG. 1. More specifically, some embodiments can includeexisting OS system security functions, such as process isolation, byensuring that the portions of the operating system that perform suchfunctions are not modified during the boot process or during run time.As well, the embodiment complements existing secure boot loaderfunctions (Stage 1 Bootloader 221 and Stage 2 Bootloader 222 as shown inFIGS. 2A-C) by verifying that the correct secure boot loader path wasfollowed and by dynamically verifying the integrity of the OS and bootloader. It should be understood that such secure boot loader onlyfunctions as such during start-up.

The agent 217 is embedded in the OS kernel 215, and is preferablyimplemented to use the Linux Security Module interface (LSM I/F). Theagent 217 inserts “hooks” (upcalls to the agent 217) at points in thekernel where a user-level system call from an application is about toresult in access to an important internal kernel object such as inodesand task control blocks. LSM is not further discussed herein as it is aknown framework (which is applicable to Android™ as well as Linuxdistributions) that allows the Linux kernel to support a variety ofcomputer security models without favoring any single securityimplementation. In order to render the agent 217 resistant to tampering,modification, and reverse engineering attacks, the agent 217 is itselfprotected using known software protection techniques such as, but notlimited to, those described in more detail in U.S. Pat. Nos. 6,594,761,6,779,114, 6,842,862, and 7,506,177 each issued to Chow et al. whichillustrate examples of such tamper resistance that may be usable inconjunction with the disclosed embodiments.

It should be understood that the agent 217 forms an integral andun-detachable part of the OS kernel 215 without which the device OS 213and/or the applications 210 a, 210 b, 224 will cease to functioncorrectly. One example of the functions of the agent 217 is to monitorthe integrity of both the OS 213 and the applications 210 a, 210 b, 224loaded onto the device, and to detect any breaches of the OS 213 orsecure boot 221, 222. The agent 217 maintains and has sole access to asecured data store 218 within which the agent 217 keeps informationrelevant for the agent's performance of kernel resource access control,integrity verification, application licensing and application resourceaccess control. While the secure store 218 is shown in FIG. 2A as beinga separate component of the inventive system, it should be understoodthat the secure store 218 may exist within the hard drive or flash 220as seen in alternative embodiment 201 of FIG. 2B. Still further, thesecure store 218 may exist as a secure memory within the system on achip base layer 219 as seen in further alternative embodiment 202 inFIG. 2C.

In terms of kernel resource access control, the agent is configured tocontrol application access to OS kernel resources and data. The accesscontrol decisions made by the agent 217 are based on, but not limitedto, factors such as: OS kernel integrity, application integrity,application context, and the privileges granted by any given trustedroot authority. An access control decision based on OS kernel integritydetermines whether the kernel has been modified, been replaced, beenadded to, or had portions removed in an unauthorized manner. The accesscontrol decision will also determine whether the secure boot processeven occurred. If the OS kernel has been modified, replaced, added to orportions removed or the secure boot process cannot be positivelyverified, this determination would serve to invalidate many of theassumptions that the agent 217 or an application 224 or a secureapplication such as a media player would normally operate under. Anaccess control decision based upon application integrity determineswhether the application that is attempting to access OS kernel resourceshas been modified in any way (e.g., to insert malware into theapplication or by other malware) or whether the privileges associatedwith that application been modified (e.g., to give it privileges toaccess system resources that were not authorized by the certifyingauthority).

An access control decision based upon application context determineswhether a given application is functioning in some manner outside thecontext of that application. Thus, the agent 217 can make contextsensitive access control decisions. An access control decision basedupon any given trusted root authority determines application permissionsrelative to the authority. In other words, some embodiments may supportmultiple application signing authorities such that the agent 217 maygrant an application signed by a highly trusted authority a greaterdegree of latitude in terms of access to system resources than may begranted to an application signed by a less trusted authority or anapplication that was not certified at all.

In terms of the agent's performance of integrity verification, the agentis configured to dynamically monitor (e.g., in memory while the softwareis running) the integrity of the kernel, the secure boot components, theagent itself, and all protected applications and unprotectedapplications to determine if any of these items have been modified inany way at any time during the execution of the given application(s)(e.g., dynamic tampering which might be implemented using a debugger).

In terms of the agent's performance of application resource control, theagent 217 is configured to control access to application resources whichmay include, for example, a portion of the application that has beenencrypted by the agent 217, or data files that are required by theapplication to execute (e.g., game resource files), or data to controlexecution of applications. Such access control decisions are based onfactors such as, but not limited to, the presence of valid license dataor the confirmation of the identity of the device or consumer, either ofwhich are designed to protect applications from piracy.

The agent 217 can be embodied in software and generated by diverse codeportion combinations with a fixed interface. Creation of such variationsin code portions can be accomplished according to known methods, orcombinations of such methods, including those described in U.S. Pat.Nos. 6,594,761, 6,779,114, 6,842,862, or 7,506,177 each issued to Chowet al. or any other suitable known method. Such variations can be termed“diverse agents” or “updated agents.” Diverse agents are those whichhave the same functionality, F, but that are structurally andsemantically diverse. The objective of generating and deploying diverseagents is to prevent an automated attack—i.e., an attack developed by asophisticated attacker that can be sufficiently automated that it issimple to use by an average consumer and that would be applicable toeach and every agent deployed in some installed base of devices. Suchdiverse agents may be deployed across different instantiations of adevice, different types of devices, devices sold in different geographicregions or by different operators, etc.

Updated agents are those whereby if an agent, A1, with functionality setF1, is deployed in the field and is compromised or attacked in some way,it is desirable to fix such vulnerability. This may be accomplished bygenerating an agent, A2, that incorporates the functionality F1 butwhich also incorporates a new functionality designed to prevent theattack on A1. This incremental functionality, F2, is such that thefunctionality of A2 is now F1+F2. By applying diversity capabilities toA2, it is more difficult for an attacker to isolate the softwarefunctions in A2 (e.g., through differential analysis) which implementthe new functionality F2. Updated agents provide a mechanism to addressattacks on devices or agents that are already deployed in the field.Such updated agents could be downloaded by consumers, pushed to thedevice via a software update mechanism or pulled to the device by theexisting agent. Where such updates occur, it should be understood thatthey are accomplished by configuring the agent software for updates uponidentification and analysis of any attempted or actual successful attackby a security threat. Therefore, updates to the agent 217 can be issuedfor attacks that are “in development” as hackers will often postinformation of attacks that are in development or known vulnerabilitiesbut which have not yet succeeded in reaching the attackers objectives.

With regard to FIG. 3, a more detailed schematic 300 of the dynamicplatform security functionality is shown in accordance with thegeneralized stack architecture illustrated in FIG. 2. Here, it can beseen clearly, when compared with prior art FIG. 1, how the illustratedembodiment compliments and can be implemented in conjunction with theknown static platform security functionality. As in the previous FIGS.2A-2C, the base layer includes typical SOC 329 components including aCPU 330 and ROM 333 within which BIOS 331 resides.

In terms of the operations shown in FIG. 3, there is a typical secureboot loader sequence 310 provided as shown. It should be understood thatsome embodiments could leverage existing secure boot technology. Itshould equally be understood that the boot sequence may equally apply to1 stage or the many stages there-after. Typically there are 2 bootloading stages 334, 335 in a system as shown in FIG. 3. Generallyspeaking, bottom up validation of secure boot components occurs as thefirst component validates the second component before transferringexecution control to the next component. This boot time integrityverification is shown by way of dotted lines. Here, the first stageoccurs upon device reset, where ROM code is hard wired to the devicereset address. The ROM (or boot ROM) 333 loads the next boot stage 334after verifying that the next boot stage is the intended boot stage.This verification or authentication is performed by computing a digitalsignature from the HDD or flash memory 328. If the digital signaturematches the pre-computed value (as encapsulated in the digitalcertificate 332 as shown), then the OS boot loader 335 will be loadedinto main memory and executed. If the signature does not match thepre-computed value at any stage, execution control will not transfer tothe next stage and the device will fail to boot. When the OS boot loader335 has execution control, the OS boot loader performs 335 a similaroperation of validating the OS image from the HDD or flash memory 328.Again, if the computed signature matches the expected pre-computedsignature, it will load into memory the OS image and transfer control tothe OS image (i.e., the Linux kernel 325 operating in the Android™ OS339 as shown). The OS image will then initialize, and during thisprocess the agent 336 will also be initialized. While the agent 336 isincluded in the OS image which is digitally signed, it should beunderstood that the agent 336 may be updated. This is because signaturesare broken down into logical module separation and each module has itsown signatures that are checked during the secure boot process.Therefore, any module may be replaced though the signature must be validand trusted cryptographically with a digital signing private key.

With continued reference to FIG. 3, the OS kernel 325 is shown as theLinux kernel modified for the Android™ OS 339. The OS kernel 325 can beimplemented using a Linux Security Module (“LSM”). As mentioned above,LSM is a framework that allows the Linux kernel 325 to support a varietyof computer security models while avoiding favoring any single securityimplementation. LSM provides hooks at every point in the Linux kernel325 where a user-level system call is about to result in access to animportant internal kernel object. LSM can be used to implement a widerange of security functions (e.g., Mandatory Access Control (MAC), OnAccess Virus Checking).

The agent 336 can also be configured to include integrity verification(or simply “IV”). The IV function that is embedded in the agent 336enables the agent 336 to perform static integrity verification (e.g., onHDD or on flash memory) and dynamic integrity verification (e.g., inrandom access memory (RAM)). IV is implemented by computing a hash valuefor an application or system component and then comparing that to aknown good value for the hash function. If the calculated value is thesame as the stored known good value, then the agent assumes that thecomponent has not been modified by an attacker. However, if thecalculated value is different than the stored known good value, then theagent assumes that the component has been modified and can no longer betrusted to perform the functionality that it was intended to perform orthat it should no longer have the same privileges that were originallyassigned to it.

As shown in FIG. 3, the agent 336 performs IV checks on a number ofdevice software components on an ongoing basis. This “integritymonitoring” is done to detect any unauthorized modification (e.g.,tampering) such as the modification, replacement, removal, or additionsof components or sub-components that are critical to supporting thesecurity objectives for the system.

Such components monitored via IV by the agent 336 can include: ROM BIOS331; HDD or device flash memory 328; stage 1 bootloader 334; stage 2bootloader 335; Linux kernel 325 or portions of the Linux kernel; systemcall interface (I/F) 338; agent 336 including the secure store 327(during both boot time and run time as indicated, respectfully, bydotted and solid arrows in FIG. 3); native application 320; Android™ OS339; native Android™ application 321; JAC 324; Android™ (Dalvik) virtualmachine 323; Android™ application 322; and application & systemprovisioning sequence (as further described with regard to FIGS. 4 and 5below).

Such integrity monitoring (shown by solid arrows) of native application1 320 is illustrated in FIG. 3. Here, the agent 336 continuouslymonitors native application 1 320 such that integrity is verified whenthe native application 1 320 attempts to access system resources throughthe system call I/F 338. This occurs through signature verification 337whereby the agent 336 implements IV by comparing signature 1 340 to aknown good value corresponding to application 1 resources. Inparticular, application 1 resources include IV information and theapplication signing certificate stored in a secure store 327. If thesignature 1 value is the same as the stored application signingcertificate (i.e., known good value), then the agent 336 assumes thatthe native application 1 320 has not been modified by an attacker andthat its permissions or privileges 341 have not been modified. However,if the signature 1 value is different than the known good value, thenthe agent 336 assumes that the native application 1 320 has beenmodified and can no longer be trusted to perform the functionality thatit was intended to perform. This process occurs for all nativeapplications that may be present up to native application n 321.

The process isolation block 326 shown in FIG. 3 will be furtherexplained with regard to FIG. 4 where there is illustrated a runtimeboot loading sequence 400. In particular, upon device reset a top downvalidation (at steps 1, 2, and 3) of secure boot components can be seen.This validation serves to ensure that the OS that is loaded onto thedevice is the one intended by the OEM or operator and that the OS hasthe intended functionality. Once the agent 336 gains execution controlduring initialization (at step 4), the agent 336 will perform IV uponitself along with the previously executed components of the secure bootloader including the boot ROM image, the OS boot loader, and the OSimage. If the integrity (from steps 1 through 4) of all of thesecomponents is confirmed by the agent 336 by using comparisons to dataresident in the agent secure store 327 (at steps 5 though 8), then theagent 336 assumes that the OS that is installed on the device is theintended OS and that certain security functionality that may beperformed by the OS has not been modified. However, if the agent 336determines that one or more of the components cannot be authenticated,the agent 336 may take corrective action.

One possible corrective action taken by the agent 336 is to replace theboot components with a backup image of the intended boot components,then reset the device and start the boot up process again. If the agent336 detects that the system is invalid after a number of attempts tocorrect invalid components, then the agent 336 can deny all furtheraccess to critical system resources or application resources. It shouldbe readily apparent that the number of attempts is a matter of designchoice using a predetermined variable. Likewise, the determination ofwhich system resources can be considered critical can be predeterminedbased upon the given device usage. Other corrective actions can also beimplemented by the agent 336.

It should be understood the preceding detailed description presumes thatan application already exists and is therefore known to the OEM,operator, Internet-based retail interface provider, and, in turn, knownto the agent 336. However, it is readily apparent that new applicationscan be developed and older applications can be updated. As such, FIG. 5illustrates the processing that is applied to an application(unprotected) submitted by a developer during the applicationcertification process 500. The agent can include an asset protectiontool 514 that can be implemented as a software tool configured to createand update the encrypted application secure store 512. The assetprotection tool 514 stores information to protect the unprotectedapplication. It should be understood that a variety of tamper resistanttechniques can be applied to the stored information such as, but notlimited to, secure loader and IV, and the use of whitebox cryptographyto protect cryptographic secrets at rest (e.g., on disk) and in use(e.g., in-memory).

With further regard to FIG. 5, there is provided an unprotected asset515 (i.e., new application from a developer) at step 1. Created by theapplication developer or development system is an unsigned enhancedpermission container manifest 510 at step 2. This lists the permissions(A, B, . . . etc.) granted to the application by the certifyingauthority. Moreover, the permissions are mapped to specific set ofkernel system calls. After the unsigned manifest 510 is created, theasset protection tool 514 is configured to generate or use a providedprivate root of trust key 511 at step 3. The root of trust may beautomatically and randomly generated by the asset protection tool. Theasset protection tool 514 then signs the unsigned application 515 viathe asset protection tool 514 at step 4 and places the result in asigned enhanced permission container manifest that exists within theapplication secure store 512. Moreover, the signed version of theenhanced permission container manifest is stored at step 5 in theapplication secure store 512 where information specific to the givenasset (e.g., code signature, enhanced permission container manifest,root of trust keys) are placed. The resultant outcome at step 6 is asigned and protected asset 513 in the form of a fully provisionedapplication. Optionally, the unprotected new application may have asecure loader wrapped around it so as to provide a resulting protectedasset with static tampering resistance and be IV enabled.

It should further be understood that not all application types may beprovisioned for any particular embodiment of the asset protection tooldiscussed above. For example, in the embodiment related specifically tothe Android™ OS, a typical list of application types that can beprovisioned, installed, and subsequently run on the system implementingthe present embodiment may be limited to a native OS application, anative Android™ application, and an Android™ application. Other open OSimplementations may of course be possible beyond the specific Android™OS implementation illustrated herein.

The permission information created in the provisioning sequence of FIG.5 is further used by the agent 336 during installation onto the deviceand during runtime of the given application. Moreover, when the givenapplication code selected from the types of available applications isprovisioned the resulting signed enhanced permission container manifestin the application secure store contains all the permissions that theapplication code requires during runtime. The enhanced permissioncontainer manifest can specify the application code signature and thesignature of the container itself to prevent tampering of the containeror application after the application code has been signed.

With regard to FIG. 6, initial installation 600 of applicationpermissions is illustrated. The signed enhanced permission containermanifest 611 is found within the application secure store 610 that wascreated during provisioning time in FIG. 5. As previously mentioned, theenhanced permission container manifest 611 is encrypted by the assetprotection tool 514. Accordingly, this facilitates transfer of theenhanced permission container manifest 611 from the application securestore 610 to the agent secure store 612. Both the application securestore 610 and the agent secure store 612 comprise the secure store asgenerally shown in FIG. 3.

Within the enhanced permission container manifest 611 there exists apermission list (i.e., Permission A, Permission B, . . . etc.). Thepermission list determines what OS kernel resources can be accessed bythe given application code that forms the application being installedand run. The application code signature is used by the agent 613 toperform IV on the application to ensure it has not been modified at thetime it makes the OS request for particular kernel permissions, such as“install” requests. The container signature is a reference value for thecontainer itself, and is used by the agent 613 to ensure the contents ofthe container have not changed. Once the integrity of the OS and theapplication have been verified, the installed application's enhancedpermission container manifest will be stored in the agent secure store612 for future reference of other permission requests for thatapplication.

With further regard to FIG. 6, the installation sequence includes firstsending at step 1 a request to the OS kernel 614 to install anapplication pursuant to an installer directive from the application code615. Subsequently, the OS kernel 614 passes along the request to theagent 613 at step 2. The agent 613 validates (via IV as alreadydescribed above) the OS kernel 614 at step 3. It should be understood aspreviously noted above, that the agent 613 also validates the OS kernel614 in an ongoing manner (i.e., as a background process). At step 4, theagent 613 accesses the application secure store 610 to retrieve thesigned enhanced permission container manifest 611 therefrom. The agent613 validates at step 5 the application's signed enhanced permissioncontainer manifest through IV using the signed enhanced permissioncontainer manifest 611. The agent 613 at step 6 stores the validatedapplication's enhanced permission container manifest into the agentsecure store 612 for future reference. Based upon the step 5 validationoperation, the agent 613 allows or denies the install to the OS kernel614 at step 7. In turn, the OS Kernel 614 at step 8 passes thepermission (allow or deny) to the installer directive that is installingthe application to be installed to ultimately allow or deny installationof the application code 615.

As mentioned above, the agent validates the OS kernel in an ongoingmanner as kernel operations are required. This kernel access control 700is shown in FIG. 7 in terms of continuous runtime system integrity. Thesequence of how the entire system integrity is maintained whenever anyapplication makes an OS request for kernel services. In FIG. 7, aninstalled and running application (i.e., user application) 710 is shownmaking a request for OS services or resources 711. This request ispassed to the OS kernel 712 and which request is, in turn, passed alongto the agent 713 via the LSM functionality that will ultimately allow ordeny the request. The criteria used by the agent 713 to allow or denythe application request may include: system/application integrity,application permissions, application behavior, security context forother applications that may be running, and remote commands (element216, shown previously in regard to FIG. 2A).

The agent decision criteria related to system/application integrityincludes whether tampering has been detected to either system orapplication components.

The agent decision criteria related to application permissions includeswhether the application has the necessary permissions to make such arequest. In the Android™ OS, such permissions are declared in a manifestfile that is associated with the application. Application developersmust declare these permissions and it is up to the consumer to grant ornot grant these permissions which may be problematic as consumers arenot typically aware of security implications of their actions.

The agent decision criteria related to application's behavior disregardswhether an application may have permissions to access certain kernelservices and instead relies upon the application's behavior. Forexample, an application that requests consumer GPS coordinates every 15seconds and then attempts to send such coordinates to a third party viasome messaging protocol such as SMS, could potentially be “spyware.”Such behavior therefore may result in request denial even though theapplication may have permissions associated with the kernel servicerelated to GPS coordinates (i.e., the agent would block access if theapplication had rights granted to location data, but not rights grantedto SMS data).

The agent decision criteria related to the security context of any otherapplications that may be running also disregards whether an applicationmay have permission to access certain kernel services and instead looksto whether allowing a request when another trusted application isrunning could negatively affect one or more of these trustedapplications. In other words, the agent properly enforces permissions atrun time. For example, the requesting application may try to accesscertain memory or drivers to capture high definition video after atrusted high definition video player application that implements digitalrights management has decrypted the video thereby calling into questionthe appropriateness of the high definition video data usage by therequesting application (i.e., the agent may block access to the screenbuffer memory, though allow the playing of the video itself).

The agent decision criteria related to remote commands involve providingthe agent the ability to support commands from a remote entity (e.g., aservice provider) that could override the applications permissions orprivileges. For example, a mobile operator may wish to disable a mobiledevice that has been stolen. In this case, the agent would also basedecisions to provide system access on remote commands that would preventthe device from being used by an unauthorized user of the device. Forexample, a mobile operator may wish to disable or limit the access anapplication or applications have to network services or other kernelresources in the event that such an application is causing problems withnetwork reliability or stability (e.g., by generating a high volume oftraffic or connections that cannot be sustained by the network). In thiscase, the agent could override the privileges that the application hasor prevent the application from executing at all.

Further, such commands from the remote command controller may be used tolimit permissions (e.g., reduce privileges, change privileges, or revokeprivileges). Further, such commands from the remote command controllermay be used to remove applications from the device, includingterminating the application if currently executing, removing theapplication from memory, or un-installing the application completely.Overall, it is important to note that the described embodiment may notonly serve to “kill” applications, but may also serve to limit access tosystem resources beyond the access that is implied in the privilegesassociated with the given application—e.g., even if an application hasthe privilege to send SMS messages, this is not quantified in theprivileges such that when the application sends, for example, 10,000 SMSmessages an hour, the agent could “throttle this back” based on some“normal behavior” template stored in the agent secure store or based onremote commands. Still further, the agent may be used to reportanomalous behavior back to the remote entity so that, for example, amobile operator or designated third party could make decisions aboutwhat to do (e.g., an application has made X requests for a systemresource over some period of time).

Using the aforementioned criteria for ongoing runtime system integrity,the kernel access control 700 shown in FIG. 7 includes an initial OSrequest by the user application 710 at step 1. In turn, the applicationat step 2 creates a software interrupt or otherwise creates an event forthe OS. In the OS kernel 712, the LSM receives the request 711 (i.e.,interrupt/event) and passes the request 711 to the agent 713 at step 3.The agent 713 integrity verifies the application 710 and the permissionsat step 4 using the criteria described above. At step 5, the agent 713validates the user request memory stack. Thereafter, the agent 713integrity verifies the OS kernel image in memory at step 6. Aspreviously mentioned, IV checks are run on an ongoing basis by the agent713. This check verifies that the IV process is still running and hasnot detected any evidence of tampering. Based upon the system validationprocess (steps 4, 5, and 6), the agent 713 therefore allows or deniesthe request, and, at step 7, the allowance or denial of the request ispassed along to the OS kernel 712. In turn, the OS kernel 712 passesalong the allowance or denial of the request at step 8. At such point,the application event returns control back to the application 710 atstep 9 with the decision to allow or deny the request.

As in the continuous runtime system integrity of FIG. 7, it should beunderstood that the application can also be validated in an ongoingmanner. Accordingly, there is shown runtime validation of an applicationrequest in FIG. 8. In general, an application must not be tampered within any way or validation here will fail. The stack diagram 800 in FIG. 8illustrates how the some embodiments can efficiently providesapplication integrity monitoring while maintaining system integrity atthe same time. The address spaces for the agent 812, OS kernel 811, andapplication 810 are shown. As the agent is embedded in the OS kernel, itshould be understood that the agent address space 812 is thereforeshared with the OS kernel address space 811. Return addresses in thecalling stack are data points into integrity verification informationthat is contained in the agent. The start of runtime validation (at step1) of the application involves the agent walking the stack of therequest for OS service while validating all return addresses (at steps 2through 4) and performing integrity verification on the address rangeutilizing the call stack signature as described below. When anapplication makes a request for any OS kernel service, the OS kernelpasses along this request of a kernel service to the agent. This OSkernel is LSM enabled such that the agent is required to allow or denythe request.

The runtime call stack signature calculation can be accomplished usingthe distance (in bytes) between each return address on the stack to thetop of the stack. Table A represents example call stacks for the agent812, the OS kernel 811, and the application 810.

TABLE A Call Stack Frame Stack Element Filter Signature Owner “ReturnAddress” Comments Agent Return Address Current Stack Position (must beAgent Address Space) 12 bytes Agent . . . Variable length stack frameAgent Return Address Calculate the bytes inbetween 23 bytes OS Kernel .. . Variable length stack frame OS Kernel Return Address Calculate thebytes inbetween 44 bytes OS Kernel . . . Variable length stack frame OSKernel Return Address Calculate the bytes inbetween 10 Bytes User App .. . Variable length stack frame User App Return Address Calculates thebytes inbetween User App Top of Stack

The signature from the above example includes an application unique userID randomly assigned during installation and a collection of call stacksignature bytes as seen in Table B.

TABLE B Application Identifier (2-8 bytes) Call Stack Signature (2-128bytes)

In terms of the example of TABLE B, the signature of call stack of“Application ID 12032” would be “12032:12:23:44:10” and used in theintegrity verification check by the agent.

The depth of the stack can have a variable length but in the example,does not to exceed 128 samples. Also, the depth of the stack between theOS kernel and the agent is known and calculated prior to the applicationcalling the OS kernel services. From this calculation, the agent maydetermine that all the return addresses on the call stack are includedin the integrity verification signature range when the application andsystem components were provisioned. It should be understood that all thereturn addresses can be found in the list of signatures of the signedapplication and system components, which are stored in the agent securestore, in order for the agent to allow the OS to service theapplication.

As shown in FIG. 8, there is detailed a runtime call stack signaturevalidation sequence. The validation sequence begins at step 1.Thereafter, at step 2, the agent examines the stack and determines thereturn address which identifies the location of the calling code in theOS Kernel address space 811. Based on the calling code, the agent atstep 3 verifies that the caller is legitimate and has recently andsuccessfully had its integrity verified. There may be several layers ofthis checking in the OS Kernel address space 811, as indicated in FIG.8. Thereafter, at step 4, a similar return address determination andvalidation process is performed as calling code in the stack appearsfrom the application address space 810. Again, there may be severallayers of this checking in the application address space 810, as shownin FIG. 8.

During runtime, it should be understood that application permissionsshould be enforced on an ongoing basis as applications are subject todynamic attacks (e.g. portions of an application or its associatedpermissions could be modified during execution using a debugger). Suchapplication permission enforcement 900 is shown in FIG. 9. Here, anyrequest that an application 914 makes to the OS kernel 913 afterinstallation of the application 914 will be validated using the signedenhanced permission container manifest 910 that is stored in the agentsecure store 911. The agent 912 will allow or deny the request based onthe integrity of the system and the permission provided in the enhancedpermission container 910. The enforcement sequence includes anapplication 914 making an OS request at step 1 and, at step 2, the OSkernel 913 validates the request with the agent 912. At step 3, theagent 912 validates the OS integrity as already described above.

Step 4 provides that the agent 912 validates the type of OS Kernelrequest from the signed enhanced permission container manifest 910. Itis important here to note that, at run-time, the requesting applicationis only granted access to OS Kernel services that are contained withinthe signed enhanced permission container manifest 910 which contains therequested permissions as identified by the application developer priorto submission of the application to certification. Moreover, thismechanism maintains the security and integrity of the system, even ifthe application developer does not correctly identify all kernelservices that their application attempts to access at run time.

Once the agent 912 validates the type of OS Kernel request from thesigned enhanced permission container manifest 910, the agent 912 thenpasses the allow or deny decision based on the validation in the steps 3and 4 to the OS kernel 913 at step 5. Subsequently, the OS kernel 913passes such allow or deny decision to the application 914 at step 6based on the agent decision passed to it.

Loadable Kernel Modules

A common attack vector used by malware, including rootkits, is toinstall loadable kernel modules to execute the malicious payload andprobe the system for further vulnerabilities. Loadable kernel modulescontains code that is used to extend the running OS kernel to addfunctionality or support for new hardware, file systems or for addingsystem calls. Dynamically loading kernel module code as it is needed isattractive as it keeps the OS kernel size to a minimum and makes the OSkernel very flexible. In addition to loading kernel modules on-demandwhen needed by the OS kernel, kernel modules can be loaded manually byusing, for example, the insmod utility in a Linux-based OS such asAndroid.

Malware can take advantage of a vulnerability in the operating systemthat can allow a kernel module to be installed into the OS kernel. Forexample, the Mindtrick Android rootkit leverages loadable kernel modulesto install kernel level components, and then accesses low levelfacilities of the OS kernel, such as SQLite, to access private data suchas call records and SMS/MMS messages.

Referring to FIG. 10, a loadable kernel module enforcement process 1000is illustrated where the agent 1012 determines whether to install aloadable kernel module. A request 1014 to install a loadable kernelmodule is made to the OS kernel 1016 in step 1. The request 1014 can bea dynamically generated request or a manual request (e.g. via insmod),and can be generated from either the OS kernel layer or the applicationlayer. Next, at step 2, the request to the OS kernel 1016 calls theagent 1012 via the LSM functionality to validate the request to load theloadable kernel module (e.g. via hooks in the code of the OS kernel 1016that installs a loadable kernel module, such as insmod).

The agent 1012 validates the request based on a number of factors. Forexample, the agent 1012 can deny any request from the application level(e.g. user mode process) or that was generated manually (e.g. via insmodutility). Validation performed by the agent 1012 can further includevalidation of the loadable kernel module code object itself. Validationcan further include verification that the loadable kernel module iscertified and/or signed by an authority, such as, for example, via theprocess described with respect to FIG. 5. For example, the agent 1012can perform integrity verification on the loadable kernel module todetermine that the loadable kernel module is properly signed by theappropriate authority and that the loadable kernel module has not beenmodified. This validation can be performed against information stored inthe agent secure store 1018 in step 3. Finally, in step 4, the agent1012 passes the allow or deny decision based on the validation decisionto the OS kernel 1016. The OS kernel 1016 will then install the loadablekernel module based on the decision received from the agent 1012. Byusing the above process, the agent 1012 can prevent rootkit attacks thatattempt to install its payload using a loadable kernel module.

System Call Table

Another attack vector used by malware is the system call table. Thesystem call table is a table of pointers to functions that are used torequest a service from the operating system. When a system call isissued, the application is interrupted and control is given to the OSkernel to execute the function in kernel mode. Malware, such asrootkits, frequently attack the system call table by overwriting entriesto re-direct system calls made by the OS kernel to the malicious payloadcode of the malware that can then execute in kernel mode.

The OS kernel stores the system call table under a structure calledsys_call_table in Linux and Android. Modern Linux kernels no longerallow the sys_call_table to be exported and it can only be accessedthrough a loadable kernel module that has access to kernel memory. Linuxkernels also typically write protect the sys_call_table so that thememory page containing the sys_call_table is read-only. But thisapproach does not protect against a compromised kernel mode process orwriting the sys_call_table during initiation of the OS Kernel. A fewsystem calls are exported, such as sys_read( ) and sys_write( ), and areavailable to loadable kernel modules. The aforementioned MindtrickAndroid rootkit used a loadable kernel module to intercept system callsto some of these exported system calls to discover and intercept higherlayer functions of the OS Kernel of the Android device.

Referring to FIG. 11, a system call table protection process 1100 isillustrated where the agent 1112 blocks attempts to over-write thesystem call table 1113. The sequence of how the system call tableintegrity is protected is shown with respect to a request 1114 to writeto memory. The request 1114 can a be a request to write to systemmemory, such as a sys_write( ) request to the OS kernel 1116, forexample, and can be initiated from a user-mode or kernel-mode process orapplication. This request 1114 is passed to the OS kernel 1116 in step1. The request is then passed along to the agent 1112 via the LSMfunctionality in step 2. The agent 1112 will then either allow or denythe request 1114 and return control to the OS kernel 1116 in step 3.

Typically, user-mode processes will be restricted from writing to systemmemory in the OS kernel address space. The agent 1112 can furtherenforce this by evaluating whether the calling process or application isa user-mode or kernel mode process. If an attacker is able to installtheir own loadable kernel module into the OS kernel 1116 then themalicious loadable kernel module can attempt to overwrite the systemcall table. This is how the Mindtrick rootkit accesses the system calltable. The agent 1112 can determine if the request to write memory iswithin the range of the address space of the system call table 1113.

The agent 1112 can perform bounds checking on the memory write requestto determine whether the write request 1114 is an attempt to overwritethe memory range of the system call table 1113. In some embodiments, theagent 1112 can be implemented as additional code that is hooked into thesys_write( ) system call to block writing to the sys_call_table. Thisprocess provides added protection above performing integrityverification on the system call table and the system call interrupthandler code that may be more difficult to protect dynamically duringruntime.

Anti-Debug

Debugging tools are also commonly used as an attack vector and can alsobe used to discover vulnerabilities in the OS Kernel or otherapplications executing on the device. OS kernels typically include asystem call to trace the operation of another process, such as ptrace,for example, which is used in Unix based operating systems includingLinux and Android. Using ptrace, or similar process tracing utilities,can allow a parent process to observe and control the execution of atarget process. Control over the target process can include manipulationof its file descriptors, memory, and registers, as well as manipulationof the target process's signal handlers to receive and send signal. Theability to write to the target process's memory allows ptrace to alterthe target process's code to install breakpoints or otherwise alter therunning code. Ptrace is used by debuggers, and other tracing tools, suchas strace and ltrace that monitor system and library calls,respectively. The inter-process spying provided by ptrace and debuggerscan be used to develop and execute rootkit malware attacks.

Android provides a debug bridge as part of the Android softwaredevelopment kit that allows a developer to communicate with and controlan Android device over a serial connection (e.g. USB) to test theirdevelopment software code. The Android device runs a daemon, referred toas the Android Debug Bridge daemon or ADBd, to which a client connectsin order to control the device. The ADBd process is often exploited bymalware attacks to provide root privileges or kernel mode operation onthe device. For example, the RageAgainstTheCage rootkit exploits ADBdthrough a resource exhaustion attack that causes ADBd to fail and remainoperating as root. When ADBd runs as the root user, the shell providedto the client will also run as the root user.

Referring to FIG. 12, a debug utility blocking process 1200 isillustrated where the agent 1212 blocks attempts to access debugutilities. The sequence of how the debug blocking process operates isshown with respect to a debug request 1214. The debug request 1214 canbe a system call to a process tracing utility or request made to adebugging utility. For example, the debug request can include a systemcall to a utility to facilitate debugging, such as ptrace, for example.Another example can include a request to a debug utility, such as adebug daemon running as part of the OS kernel (e.g. ADBd). The debugrequest 1214 is passed to the OS kernel 1216 in step 1. The request isthen passed along to the agent 1212 via the LSM functionality in step 2.The agent 1212 will then either allow or deny the debug request 1214 andreturn control to the OS kernel 1216 in step 3.

The agent 1212 can evaluate whether the parent process has theappropriate privileges to allow the debug utility to attach to thetarget process. For example, a process associated with one user ID maynot be allowed to attach the debug utility to a process of another userID or group ID to which the first user ID does not belong. The agent1212 can further limit the attaching of the debug utility based onwhether the target process is certified or signed (e.g. an integrityverified process) or an OS kernel 1216 process/component. Blocking orpreventing a debug utility from attaching to certified applications andthe OS kernel can prevent a malicious attacker from discoveringvulnerabilities in this software code and prevent exploitingvulnerabilities that can exist in the debug utility. Blocking access tothese processes can be performed without inhibiting development ofnon-malicious software.

The above-described embodiments are intended to be examples only.Alterations, modifications and variations may be effected to theparticular embodiments by those of skill in the art without departingfrom the scope of the invention, which is defined solely by the claimsappended hereto.

The invention claimed is:
 1. A method for increasing security of acomputing device running an operating system and at least oneapplication, the method comprising: embedding a secured software agentwithin an OS kernel of the operating system; authenticating, by a Javalayer, communication between machine executable code of a Dalvik layerand the secured software agent; providing a bridge between the at leastone application and the secured software agent; and verifying, by thesecured software agent, an integrity of the at least one application. 2.The method of claim 1, wherein the secured software agent implements aLinux Security Module Interface and wherein the secured software agent:inserts one or more upcalls at points in the OS kernel where auser-level system call from an application would result in access to aninternal OS kernel object; receives, from the OS kernel, via at leastone of the one or more upcalls, a request to modify or debugfunctionality of the OS kernel; determines whether the request is avalid request; and limits access to the OS kernel based at least in parton a determination that the request is not a valid request.
 3. Themethod of claim 2 wherein the request to modify or debug functionalityof the OS kernel comprises a request to use a kernel module which isconfigured to extend functionality of the OS kernel.
 4. The method ofclaim 3, wherein the kernel module is a loadable kernel module and therequest to use includes a request to load the kernel module.
 5. Themethod of claim 4 wherein determining whether the request is a validrequest comprises one or more of: validating code of the loadable kernelmodule based at least in part on validation information stored in asecure store; or performing integrity verification on the loadablekernel module based at least in part on integrity verificationinformation stored in a secure store.
 6. The method of claim 2 whereinlimiting access to the OS kernel includes the secured software agentpreventing loading of software code to extend functionality of the OSkernel and wherein the request to modify or debug functionality of theOS kernel comprises a request to modify a system call table stored inthe OS kernel, the system call table comprising one or more pointers tofunctions instantiated by the OS kernel.
 7. The method of claim 6wherein the software code is a loadable kernel module and determiningwhether the request is a valid request comprises one or more of:determining whether the request is part of a user process or a kernelprocess; or determining whether a write address associated with therequest is within an address space of the system call table.
 8. Themethod of claim 1, wherein the at least one applications are scripted.9. The method of claim 1, wherein the Java layer is a Java accesscontrol layer.
 10. The method of claim 1, wherein the secured softwareagent: verifies that a correct secure boot loader path was followed; andverifies an integrity of the OS and boot loader.
 11. An apparatus forincreasing security of a computing device running an operating systemand at least one application, comprising: at least one processor; and atleast one memory operatively coupled to the at least one processor andhaving instructions stored therein which, when executed by the at leastone processor, cause the at least one processor to: embed a securedsoftware agent within an OS kernel of the operating system;authenticate, by a Java layer, communication between machine executablecode of a Dalvik layer and the secured software agent; provide a bridgebetween the at least one application and the secured software agent; andverify, by the secured software agent, an integrity of the at least oneapplication.
 12. The apparatus of claim 11, wherein the secured softwareagent implements a Linux Security Module Interface and wherein thesecured software agent is configured to: insert one or more upcalls atpoints in the OS kernel where a user-level system call from anapplication would result in access to an internal OS kernel object;receive, from the OS kernel, via at least one of the one or moreupcalls, a request to modify or debug functionality of the OS kernel;determine whether the request is a valid request; and limit access tothe OS kernel based at least in part on a determination that the requestis not a valid request.
 13. The apparatus of claim 12 wherein therequest to modify or debug functionality of the OS kernel comprises arequest to use a kernel module which is configured to extendfunctionality of the OS kernel.
 14. The apparatus of claim 13, whereinthe kernel module is a loadable kernel module and the request to useincludes a request to load the kernel module.
 15. The apparatus of claim14 wherein determining whether the request is a valid request comprisesone or more of: validating code of the loadable kernel module based atleast in part on validation information stored in a secure store; orperforming integrity verification on the loadable kernel module based atleast in part on integrity verification information stored in a securestore.
 16. The apparatus of claim 12 wherein limiting access to the OSkernel includes the secured software agent preventing loading ofsoftware code to extend functionality of the OS kernel and wherein therequest to modify or debug functionality of the OS kernel comprises arequest to modify a system call table stored in the OS kernel, thesystem call table comprising one or more pointers to functionsinstantiated by the OS kernel.
 17. The apparatus of claim 16 wherein thesoftware code is a loadable kernel module and determining whether therequest is a valid request comprises one or more of: determining whetherthe request is part of a user process or a kernel process; ordetermining whether a write address associated with the request iswithin an address space of the system call table.
 18. The apparatus ofclaim 11, wherein the at least one applications are scripted.
 19. Theapparatus of claim 11, wherein the Java layer is a Java access controllayer.
 20. The apparatus of claim 11, wherein the secured software agentis configured to: verify that a correct secure boot loader path wasfollowed; and verify an integrity of the OS and boot loader.